Test secret access via ACL

This patch enhances the ACL test to ensure that the "other" user is not able
to get a secret before being added to the ACL.

After adding the ACL for the user, we check again to ensure the ACL is
working as intended by allowing the user now in the ACL to access the
secret.

Change-Id: I0b4e1fc71c62376301858128dd2fbb75bd1fa602
Douglas Mendizábal 2022-08-30 14:50:36 -05:00
parent 01da5615db
commit a32eaf0dd8


@ -569,9 +569,16 @@ class ProjectMemberTests(ProjectReaderTests):
self.assertIn("read", acl.keys())
def test_put_secret_acl(self):
self.assertRaises(
exceptions.Forbidden,
self.other_secret_client.get_secret_metadata,
self.secret_id
)
_ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
acl = self.client.get_secret_acl(self.secret_id)
self.assertIn(self.other_secret_client.user_id, acl['read']['users'])
resp = self.other_secret_client.get_secret_metadata(self.secret_id)
self.assertIn(self.secret_id, resp['secret_ref'])
def test_patch_secret_acl(self):
_ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
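Review bot: The new before/after assertions in test_put_secret_acl only exercise `get_secret_metadata`, so the test shows the ACL gates the metadata read but not the secret payload, which is the value the ACL is there to protect. If the client exposes a payload getter (e.g. `get_secret_payload`), I would repeat both checks against it: `self.assertRaises(exceptions.Forbidden, self.other_secret_client.get_secret_payload, self.secret_id)` before the put, and a successful fetch after it. The opening Forbidden assertion also depends on the secret carrying no ACL entry for the other user when the test starts. How `self.secret_id` is created is not visible in this hunk, so a one-line comment above the `assertRaises` stating that precondition would help if the secret is ever shared between tests. A final step that removes the ACL and asserts Forbidden again would additionally cover revocation.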