def _validate_len(self): """Validates that the number of resources is less than admin resources. """ if not len(self.resources): raise rbac_exceptions.RbacEmptyResponseBody() elif self._admin_len > len(self.resources): raise rbac_exceptions.RbacPartialResponseBody(body=self.resources)
def test_list_security_group_rules(self): with self.override_role(): security_rules = self.security_group_rules_client.\ list_security_group_rules() # Neutron may return an empty list if access is denied. if not security_rules['security_group_rules']: raise rbac_exceptions.RbacEmptyResponseBody()
def test_show_network_provider_segmentation_id(self): """Show Network Provider Segmentation Id Test RBAC test for the neutron get_network:provider:segmentation_id policy """ kwargs = {'fields': 'provider:segmentation_id'} with self.override_role(): retrieved_network = self.networks_client.show_network( self.network['id'], **kwargs)['network'] if len(retrieved_network) == 0: raise rbac_exceptions.RbacEmptyResponseBody()
def test_show_network_router_external(self): """Show Network Router External Test RBAC test for the neutron get_network:router:external policy """ kwargs = {'fields': 'router:external'} with self.override_role(): retrieved_network = self.networks_client.show_network( self.network['id'], **kwargs)['network'] if len(retrieved_network) == 0: raise rbac_exceptions.RbacEmptyResponseBody()
def test_show_network_segments(self): """Show network segments. RBAC test for the neutron get_network:segments policy """ network = self._create_network_segments() with self.override_role(): body = self.networks_client.show_network(network['id'], fields='segments') response_network = body['network'] # If user does not have access to the network segments attribute, # no NotFound or Forbidden exception are thrown. Instead, # the response will have an empty network body only. if not response_network: LOG.info("NotFound or Forbidden exception are not thrown when " "role doesn't have access to the endpoint. Instead, " "the response will have an empty network body.") raise rbac_exceptions.RbacEmptyResponseBody()