commit | a6d4ceaf57f3a86be8318b4e84111d71104c28f5 | [log] [tgz] |
---|---|---|
author | Colleen Murphy <colleen.murphy@suse.com> | Mon Dec 23 13:56:27 2019 -0800 |
committer | Lance Bragstad <lbragstad@gmail.com> | Thu Feb 11 16:02:54 2021 +0000 |
tree | 9f87bcf384bdce3a138d068c5b3c9f07b0a52dfd | |
parent | 2473e5bdbadb30458af0030707c1c201c9393f17 [diff] |
Add RBAC tests This change leverages the nine default personas available in tempest[1] to demonstrate a potential framework for testing default policies. An abstract base class is created that helps set up credentials and outlines every policy that needs to be tested, then nine subclasses are created to test every persona. Each test represents one policy rule, and some tests make multiple requests in order to test the policy from different approaches, for example, to check what happens if a different domain is specified, or what happens if the resource does not exist. The idea here is to be very verbose and explicit about what is being tested: every policy gets one test in the base class, and each persona is tested in a subclass. The layout should be easy to understand and someone reading the code should not be left guessing whether a case is missing or if there is magic happening in the background that is causing a false positive or false negative. This is intended to replace the unittest protection tests currently in place. [1] https://review.opendev.org/686306 (this will require additional devstack and keystone configuration to work properly in CI) Depends-on: https://review.opendev.org/686306 Depends-on: https://review.opendev.org/699051 Depends-on: https://review.opendev.org/699519 Depends-on: https://review.opendev.org/700826 Depends-on: https://review.opendev.org/743853 Depends-on: https://review.opendev.org/744087 Depends-on: https://review.opendev.org/744268 Depends-on: https://review.opendev.org/731087 Change-Id: Icb5317b9297230490bd783fe9b07c8db244c06f8