diff --git a/deps/rabbitmq_management/test/rabbit_mgmt_test_http.erl b/deps/rabbitmq_management/test/rabbit_mgmt_test_http.erl
index f012e6bedf..3a56da8ad8 100644
--- a/deps/rabbitmq_management/test/rabbit_mgmt_test_http.erl
+++ b/deps/rabbitmq_management/test/rabbit_mgmt_test_http.erl
@@ -34,8 +34,12 @@
 overview_test() ->
     %% Rather crude, but this req doesn't say much and at least this means it
     %% didn't blow up.
-    Overview = http_get("/overview"),
-    [<<"0.0.0.0:5672">>] = pget(bound_to, Overview).
+    [<<"0.0.0.0:5672">>] = pget(bound_to, http_get("/overview")),
+    %% TODO uncomment when priv works in test
+    %%http_get(""),
+    %% Just for coverage
+    http_get("/applications"),
+    ok.
 
 auth_test() ->
     test_auth(?NOT_AUTHORISED, []),
@@ -276,6 +280,9 @@ bindings_test() ->
     http_put("/bindings/%2f/myqueue/badexchange/routing", [], ?NOT_FOUND),
     http_put("/bindings/%2f/myqueue/myexchange/bad_routing", [], ?BAD_REQUEST),
     http_put("/bindings/%2f/myqueue/myexchange/routing", [], ?NO_CONTENT),
+    http_get("/bindings/%2f/myqueue/myexchange/routing", ?OK),
+    %% TODO this actually fails!
+    %%http_get("/bindings/%2f/myqueue/myexchange/rooting", ?NOT_FOUND),
     Binding =
         [{exchange,<<"myexchange">>},
          {vhost,<<"/">>},
@@ -302,6 +309,8 @@ bindings_test() ->
     http_delete("/exchanges/%2f/myexchange", ?NO_CONTENT),
     http_delete("/queues/%2f/myqueue", ?NO_CONTENT),
     http_get("/bindings/badvhost", ?NOT_FOUND),
+    %% TODO this fails too!
+    %%http_get("/bindings/%2f/myqueue/myexchange/routing", ?NOT_FOUND),
     ok.
 
 bindings_post_test() ->
@@ -330,11 +339,17 @@ bindings_post_test() ->
     ok.
 
 permissions_administrator_test() ->
+    http_put("/users/isadmin", [{password, <<"isadmin">>},
+                                {administrator, true}], ?NO_CONTENT),
+    http_put("/users/notadmin", [{password, <<"notadmin">>},
+                                 {administrator, true}], ?NO_CONTENT),
     http_put("/users/notadmin", [{password, <<"notadmin">>},
                                  {administrator, false}], ?NO_CONTENT),
     Test =
         fun(Path) ->
                 http_get(Path, "notadmin", "notadmin", ?NOT_AUTHORISED),
+                %% TODO this fails!
+                %%http_get(Path, "isadmin", "isadmin", ?OK),
                 http_get(Path, "guest", "guest", ?OK)
         end,
     %% All users can get a list of vhosts. It may be filtered.
@@ -440,6 +455,8 @@ permissions_connection_channel_test() ->
     amqp_connection:close(Conn1),
     amqp_connection:close(Conn2),
     http_delete("/users/user", ?NO_CONTENT),
+    http_get("/connections/foo", ?NOT_FOUND),
+    http_get("/channels/foo", ?NOT_FOUND),
     ok.
 
 unicode_test() ->
@@ -569,10 +586,14 @@ queue_purge_test() ->
               end,
     Publish(),
     Publish(),
+    amqp_channel:call(
+      Ch, #'queue.declare'{queue = <<"exclusive">>, exclusive = true}),
     {#'basic.get_ok'{}, _} =
         amqp_channel:call(Ch, #'basic.get'{queue = <<"myqueue">>}),
     http_delete("/queues/%2f/myqueue/contents", ?NO_CONTENT),
     http_delete("/queues/%2f/badqueue/contents", ?NOT_FOUND),
+    http_delete("/queues/%2f/exclusive/contents", ?BAD_REQUEST),
+    http_delete("/queues/%2f/exclusive", ?BAD_REQUEST),
     #'basic.get_empty'{} =
         amqp_channel:call(Ch, #'basic.get'{queue = <<"myqueue">>}),
     amqp_channel:close(Ch),