+1 to adding tempest tests to confirm that dangerous calls are not allowed (failing by getting 409, 401, or 403 errors) depending on the configuration options.
+1 to adding tempest tests to confirm that dangerous calls are not allowed (failing by getting 409, 401, or 403 errors) depending on the configuration options.