From a32eaf0dd8a4cd1825f69b97dc7ac51519ec07d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?=
Date: Tue, 30 Aug 2022 14:50:36 -0500
Subject: [PATCH] Test secret access via ACL

This patch enhances the ACL test to ensure that "other" user is not able to get a secret before being added to the ACL. After adding the ACL for the user, we check again to ensure the ACL is working as intended by allowing the user now in the ACL to access the secret.

Change-Id: I0b4e1fc71c62376301858128dd2fbb75bd1fa602
---
 barbican_tempest_plugin/tests/rbac/v1/test_secrets.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
index e8a3607..bdd56b2 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
@@ -569,9 +569,16 @@ class ProjectMemberTests(ProjectReaderTests):
 self.assertIn("read", acl.keys())
 
 def test_put_secret_acl(self):
+ self.assertRaises(
+ exceptions.Forbidden,
+ self.other_secret_client.get_secret_metadata,
+ self.secret_id
+ )
 _ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
 acl = self.client.get_secret_acl(self.secret_id)
 self.assertIn(self.other_secret_client.user_id, acl['read']['users'])
+ resp = self.other_secret_client.get_secret_metadata(self.secret_id)
+ self.assertIn(self.secret_id, resp['secret_ref'])
 
 def test_patch_secret_acl(self):
 _ = self.client.put_secret_acl(self.secret_id, self.valid_acl)
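Review bot: The new before/after checks in `test_put_secret_acl` only exercise `get_secret_metadata`, so the test never shows that the secret payload is denied before the ACL is set and readable afterwards. The payload is the material the "read" ACL is meant to protect. I would pair the existing assertions with `self.assertRaises(exceptions.Forbidden, self.other_secret_client.get_secret_payload, self.secret_id)` before the `put_secret_acl` call and a plain `self.other_secret_client.get_secret_payload(self.secret_id)` after it. The positive check `self.assertIn(self.secret_id, resp['secret_ref'])` is a substring match; `self.assertTrue(resp['secret_ref'].endswith(self.secret_id))` would pin the reference more tightly. `test_patch_secret_acl` starts in the trailing context and continues outside the hunk, so whether it needs the same denied-then-allowed pair cannot be judged from here.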