From ec74e6a57ca4945a8e31474d88202b71330266f5 Mon Sep 17 00:00:00 2001 From: Alex Kavanagh Date: Tue, 24 Sep 2019 19:21:37 +0100 Subject: [PATCH] Switch the order of the tests --- zaza/openstack/charm_tests/policyd/tests.py | 40 ++++++++++----------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/zaza/openstack/charm_tests/policyd/tests.py b/zaza/openstack/charm_tests/policyd/tests.py index 915c23fa4..07f47535f 100644 --- a/zaza/openstack/charm_tests/policyd/tests.py +++ b/zaza/openstack/charm_tests/policyd/tests.py @@ -155,11 +155,12 @@ def test_disable_service(self): self._set_policy_with( {'rule.yaml': "{'identity:list_services': '!'}"}) - # verify (with the config off) that we can actually access - # these points + # verify that the policy.d override does disable the endpoint with self.config_change( - {'preferred-api-version': self.default_api_version}, - {'preferred-api-version': '3'}, + {'preferred-api-version': self.default_api_version, + 'use-policyd-override': 'False'}, + {'preferred-api-version': '3', + 'use-policyd-override': 'True'}, application_name="keystone"): zaza_model.block_until_all_units_idle() for ip in self.keystone_ips: @@ -185,21 +186,19 @@ def test_disable_service(self): openstack_utils.get_keystone_session_client( keystone_session)) keystone_client.services.list() - logging.info("keystone IP:{} without policyd override " - "services list working" - .format(ip)) - except keystoneauth1.exceptions.http.Forbidden: raise zaza_exceptions.PolicydError( - 'Retrieve services list as demo user with project ' - 'scoped token passed and should have passed. IP = {}' + 'Retrieve service list as admin with project scoped ' + 'token passed and should have failed. IP = {}' .format(ip)) + except keystoneauth1.exceptions.http.Forbidden: + logging.info("keystone IP:{} policyd override working" + .format(ip)) - # now verify that the policy.d override does disable the endpoint + # now verify (with the config off) that we can actually access + # these points with self.config_change( - {'preferred-api-version': self.default_api_version, - 'use-policyd-override': 'False'}, - {'preferred-api-version': '3', - 'use-policyd-override': 'True'}, + {'preferred-api-version': self.default_api_version}, + {'preferred-api-version': '3'}, application_name="keystone"): zaza_model.block_until_all_units_idle() for ip in self.keystone_ips: @@ -225,13 +224,14 @@ def test_disable_service(self): openstack_utils.get_keystone_session_client( keystone_session)) keystone_client.services.list() + logging.info("keystone IP:{} without policyd override " + "services list working" + .format(ip)) + except keystoneauth1.exceptions.http.Forbidden: raise zaza_exceptions.PolicydError( - 'Retrieve service list as admin with project scoped ' - 'token passed and should have failed. IP = {}' + 'Retrieve services list as demo user with project ' + 'scoped token passed and should have passed. IP = {}' .format(ip)) - except keystoneauth1.exceptions.http.Forbidden: - logging.info("keystone IP:{} policyd override working" - .format(ip)) logging.info('OK')