Improve Patrole config options - Renames "rbac_flag" to "enable_rbac" - Creates "strict_policy_check" option - Resolves bug where policy not in policy.json would pass RBAC test, leading to false test results Change-Id: I76429e6cb0ed4cad154a07b7a873fd23209da674 Closes-Bug: #1673626

commit: 0d88008a1ec99474b48c58856d6015a8a97ae6e0 [log] [tgz]
author: Samantha Blanco <samantha.blanco@att.com> Thu Mar 23 18:14:37 2017 -0400
committer: Samantha Blanco <samantha.blanco@att.com> Fri Mar 24 14:45:18 2017 -0400
tree: 839780a26e5fbb6ba98109651b712ada9cc92e10
parent: 8141149e557a9e43443d38848ccd33d6591bac5c [diff] [blame]
diff --git a/patrole_tempest_plugin/rbac_auth.py b/patrole_tempest_plugin/rbac_auth.py
index 687c0a8..7281969 100644
--- a/patrole_tempest_plugin/rbac_auth.py
+++ b/patrole_tempest_plugin/rbac_auth.py

@@ -17,10 +17,13 @@
 
 from oslo_log import log as logging
 
+from tempest import config
+
 from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_policy_parser
 
 LOG = logging.getLogger(__name__)
+CONF = config.CONF
 
 
 class RbacAuthority(object):
@@ -39,5 +42,8 @@
                           rule_name, role)
             return is_allowed
         except rbac_exceptions.RbacParsingException as e:
-            raise testtools.TestCase.skipException(str(e))
+            if CONF.rbac.strict_policy_check:
+                raise e
+            else:
+                raise testtools.TestCase.skipException(str(e))
         return False
commit	0d88008a1ec99474b48c58856d6015a8a97ae6e0	[log] [tgz]
author	Samantha Blanco <samantha.blanco@att.com>	Thu Mar 23 18:14:37 2017 -0400
committer	Samantha Blanco <samantha.blanco@att.com>	Fri Mar 24 14:45:18 2017 -0400
tree	839780a26e5fbb6ba98109651b712ada9cc92e10
parent	8141149e557a9e43443d38848ccd33d6591bac5c [diff] [blame]