tempest

Add Glance policy tests

Registered by Yaniv Kaul on 2013-01-07

Glance supports granular permission that is specified by a policy file.
See http://docs.openstack.org/developer/glance/policies.html for more details.
Tempest should configure the policy file to some non-default policy and test permissions.
Example:

Edit /etc/glance/policy.json

{
    "default": [],
    "add_image": ["role:admin"],
    "modify_image": ["role:admin"],
    "delete_image": ["role:admin"]
}

1. upload an image using a non-admin and a non-superuser role

2. Try to delete using 'glance image-delete' it with a user which is not in an admin role.

Non-admin fails with HTTP403, admin succeeds

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: None

Direction:: Needs approval

Assignee:: Attila Fazekas

Definition:: Superseded

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Giulio Fidente on 2013-12-17

Related branches

Related bugs

Sprints

Whiteboard

For new API tests please use: https://etherpad.openstack.org/p/TempestTestDevelopment (Dec 2013)

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Yaniv Kaul