Merge "[S-RBAC] Fix policies for the l3_conntrack_helpers APIs" into stable/2025.1

Author: Zuul

neutron/conf/policies/l3_conntrack_helper.py

@@ -32,7 +32,7 @@
         name='create_router_conntrack_helper',
         check_str=neutron_policy.policy_or(
             base.ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_PARENT_OWNER),
+            base.PARENT_OWNER_MEMBER),
         scope_types=['project'],
         description='Create a router conntrack helper',
         operations=[
@@ -51,7 +51,7 @@
         name='get_router_conntrack_helper',
         check_str=neutron_policy.policy_or(
             base.ADMIN_OR_PROJECT_READER,
-            base.RULE_PARENT_OWNER),
+            base.PARENT_OWNER_READER),
         scope_types=['project'],
         description='Get a router conntrack helper',
         operations=[
@@ -74,7 +74,7 @@
         name='update_router_conntrack_helper',
         check_str=neutron_policy.policy_or(
             base.ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_PARENT_OWNER),
+            base.PARENT_OWNER_MEMBER),
         scope_types=['project'],
         description='Update a router conntrack helper',
         operations=[
@@ -93,7 +93,7 @@
         name='delete_router_conntrack_helper',
         check_str=neutron_policy.policy_or(
             base.ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_PARENT_OWNER),
+            base.PARENT_OWNER_MEMBER),
         scope_types=['project'],
         description='Delete a router conntrack helper',
         operations=[

neutron/tests/unit/conf/policies/test_l3_conntrack_helper.py

@@ -29,18 +29,29 @@ def setUp(self):
         self.router = {
             'id': uuidutils.generate_uuid(),
             'project_id': self.project_id}
+        self.alt_router = {
+            'id': uuidutils.generate_uuid(),
+            'project_id': self.alt_project_id}
+
         self.target = {
             'project_id': self.project_id,
             'router_id': self.router['id'],
             'ext_parent_router_id': self.router['id']}
-
         self.alt_target = {
             'project_id': self.alt_project_id,
-            'router_id': self.router['id'],
-            'ext_parent_router_id': self.router['id']}
+            'router_id': self.alt_router['id'],
+            'ext_parent_router_id': self.alt_router['id']}
+
+        routers = {
+            self.router['id']: self.router,
+            self.alt_router['id']: self.alt_router,
+        }
+
+        def get_router(context, router_id, fields=None):
+            return routers[router_id]
 
         self.plugin_mock = mock.Mock()
-        self.plugin_mock.get_router.return_value = self.router
+        self.plugin_mock.get_router.side_effect = get_router
         mock.patch(
             'neutron_lib.plugins.directory.get_plugin',
             return_value=self.plugin_mock).start()