Add try/except block to rbac_rule_validation.
Right now, the tenant_id passed in to the rbac converter is vulnerable
to IndexError/AttributeError: rbac_rule_validation decorator
assumes that auth_provider.credentials.tenant_id is present in
args[0].
Also added __init__.py to tests.api.image.v2.
Change-Id: Ie47913c0adb686c2cdb2f7cbf71861a2b6591452
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 7f9d4d2..ee32f78 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -28,8 +28,14 @@
def action(service, rule):
def decorator(func):
def wrapper(*args, **kwargs):
- authority = rbac_auth.RbacAuthority(
- args[0].auth_provider.credentials.tenant_id, service)
+ try:
+ tenant_id = args[0].auth_provider.credentials.tenant_id
+ except (IndexError, AttributeError) as e:
+ msg = ("{0}: tenant_id not found in "
+ "cls.auth_provider.credentials".format(e))
+ LOG.error(msg)
+ raise rbac_exceptions.RbacResourceSetupFailed(msg)
+ authority = rbac_auth.RbacAuthority(tenant_id, service)
allowed = authority.get_permission(rule, CONF.rbac.rbac_test_role)
try:
diff --git a/patrole_tempest_plugin/tests/api/image/v2/__init__.py b/patrole_tempest_plugin/tests/api/image/v2/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/patrole_tempest_plugin/tests/api/image/v2/__init__.py