docs: Add sections about context_is_admin/custom policy checks
This documentation adds oslo.policy/policy related information
to Patrole RBAC documentation so users understand some limitations
related to current implementation of oslo.policy in OpenStack
and some limitations around edge case policy testing w.r.t custom
oslo.policy rulechecks.
* Currently admin context policy rule is used to skip over oslo.policy
authorization checks in many services -- this is important to note
as this means Patrole can't properly validate admin against
oslo.policy [0].
* Currently it is not possible to test policy rules that rely on
generic checks/oslo.policy checks defined in services themselves
like Neutron's FieldCheck [1] as Patrole has no way of importing such
code in order to get these checks registered.
[0] https://github.com/openstack/neutron/blob/b4b725ade9e11aff80c6193cb4acd49f2aba012d/neutron/policy.py#L374
[1] https://docs.openstack.org/neutron/pike/contributor/internals/policy.html#fieldcheck-verify-resource-attributes
Change-Id: I0e375a11eb323d83b1ece1537dbd008633126eb3
diff --git a/doc/source/test_writing_guide.rst b/doc/source/test_writing_guide.rst
index d25f60a..64f5a81 100644
--- a/doc/source/test_writing_guide.rst
+++ b/doc/source/test_writing_guide.rst
@@ -10,8 +10,8 @@
#. :ref:`rbac-test-execution`
#. :ref:`rbac-test-cleanup`
-See the :ref:`framework overview documentation <framework-overview>` for a
-high-level explanation of the entire testing work flow and framework
+See the :ref:`framework overview documentation <validation-workflow-overview>`
+for a high-level explanation of the entire testing work flow and framework
implementation. The guide that follows is concerned with helping developers
know how to write Patrole tests.