Merge "Cleanup py27 support"
diff --git a/doc/source/contributor/contributing.rst b/doc/source/contributor/contributing.rst
index c90dfa5..d0e5a21 100644
--- a/doc/source/contributor/contributing.rst
+++ b/doc/source/contributor/contributing.rst
@@ -13,13 +13,13 @@
 
 Communication
 ~~~~~~~~~~~~~
-* IRC channel #openstack-qa at FreeNode
+* IRC channel ``#openstack-qa`` at FreeNode
 * Mailing list (prefix subjects with ``[qa]`` for faster responses)
   http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss
 
 Contacting the Core Team
 ~~~~~~~~~~~~~~~~~~~~~~~~
-Please refer the `Patrole Core Team
+Please refer to the `Patrole Core Team
 <https://review.opendev.org/#/admin/groups/1673,members>`_ contacts.
 
 New Feature Planning
@@ -51,7 +51,7 @@
 All common PTL duties are enumerated in the `PTL guide
 <https://docs.openstack.org/project-team-guide/ptl.html>`_.
 
-Release Process fir QA is documented in `QA Release Process
-<https://wiki.openstack.org/wiki/QA#Releases_Process>`_.
+The Release Process for QA is documented in `QA Release Process
+<https://wiki.openstack.org/wiki/QA/releases>`_.
 
 .. _Feature Proposal Process: https://wiki.openstack.org/wiki/QA#Feature_Proposal_.26_Design_discussions
diff --git a/patrole_tempest_plugin/policy_authority.py b/patrole_tempest_plugin/policy_authority.py
index 1defa6d..afa358a 100644
--- a/patrole_tempest_plugin/policy_authority.py
+++ b/patrole_tempest_plugin/policy_authority.py
@@ -186,9 +186,10 @@
             }
         )
         LOG.warn(deprecated_msg)
-        check_str = '(%s) or (%s)' % (default.check_str,
-                                      deprecated_rule.check_str)
-        return policy.RuleDefault(default.name, check_str)
+        default.check = policy.OrCheck(
+            [policy._parser.parse_rule(cs) for cs in
+                [default.check_str,
+                 deprecated_rule.check_str]])
 
     def get_rules(self):
         rules = policy.Rules()
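Review bot: The new tail of `_handle_deprecated_rule` builds the combined check through `policy._parser.parse_rule`, which is a private module of oslo.policy, so a refactor in that library could break or change the expected-result calculation with no deprecation notice. I would add a comment at that call, for example `# NOTE: policy._parser is private oslo.policy API; keep in sync with the pinned oslo.policy version`. The method now mutates `default.check` in place and returns nothing, while `default.check_str` keeps the original expression without the deprecated rule, so any code that later reads `check_str` sees a narrower rule than the one evaluated. A docstring line saying that the rule is modified in place and that `check_str` is left untouched would make this contract explicit. The method begins above this hunk, and the later `get_rules` hunk, which drops the `rule = ...` assignment, relies on this in-place behaviour.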
@@ -229,7 +230,7 @@
                             # The `DocumentedRuleDefault` object has no
                             # `deprecated_rule` attribute in Pike
                             if getattr(rule, 'deprecated_rule', False):
-                                rule = self._handle_deprecated_rule(rule)
+                                self._handle_deprecated_rule(rule)
                         rules[rule.name] = rule.check
                     elif str(rule.check) != str(rules[rule.name]):
                         msg = ("The same policy name: %s was found in the "
diff --git a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
index 471d7da..f81262a 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_security_groups_rbac.py
@@ -13,6 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from tempest import config
 from tempest.lib.common.utils import data_utils
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
@@ -20,6 +21,17 @@
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.compute import rbac_base
 
+CONF = config.CONF
+
+if CONF.policy_feature_enabled.changed_nova_policies_ussuri:
+    _SG_LIST = "os_compute_api:os-security-groups:list"
+    _SG_ADD = "os_compute_api:os-security-groups:add"
+    _SG_REMOVE = "os_compute_api:os-security-groups:remove"
+else:
+    _SG_LIST = "os_compute_api:os-security-groups"
+    _SG_ADD = "os_compute_api:os-security-groups"
+    _SG_REMOVE = "os_compute_api:os-security-groups"
+
 
 class SecurtiyGroupsRbacTest(rbac_base.BaseV2ComputeRbacTest):
     """Tests non-deprecated security group policies. Requires network service.
@@ -55,7 +67,7 @@
 
     @rbac_rule_validation.action(
         service="nova",
-        rules=["os_compute_api:os-security-groups"])
+        rules=[_SG_LIST])
     @decorators.idempotent_id('3db159c6-a467-469f-9a25-574197885520')
     def test_list_security_groups_by_server(self):
         with self.override_role():
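Review bot: `rules=[_SG_LIST]` is bound when the class body executes, from a module constant that `if CONF.policy_feature_enabled.changed_nova_policies_ussuri:` selects once at import time, so the rule name checked by this test cannot follow a later change to the option. A comment above the constants block would make that explicit, for example `# Rule names depend on changed_nova_policies_ussuri and are resolved once at import`. The same applies to `_SG_ADD` and `_SG_REMOVE` in the next two hunks. Only these three decorators are switched in the visible hunks, so any other test in this class that still passes the literal `os_compute_api:os-security-groups` (not visible here) would keep validating the old rule name when the flag is on. The test body continues outside the hunk.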
@@ -64,7 +76,7 @@
 
     @rbac_rule_validation.action(
         service="nova",
-        rules=["os_compute_api:os-security-groups"])
+        rules=[_SG_ADD])
     @decorators.idempotent_id('ea1ca73f-2d1d-43cb-9a46-900d7927b357')
     def test_create_security_group_for_server(self):
         sg_name = self.create_security_group()['name']
@@ -78,7 +90,7 @@
 
     @rbac_rule_validation.action(
         service="nova",
-        rules=["os_compute_api:os-security-groups"])
+        rules=[_SG_REMOVE])
     @decorators.idempotent_id('0ad2e856-e2d3-4ac5-a620-f93d0d3d2626')
     def test_remove_security_group_from_server(self):
         sg_name = self.create_security_group()['name']
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index 7bdd3da..95544b4 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -36,11 +36,15 @@
     _ATTACH_INTERFACES_LIST = "os_compute_api:os-attach-interfaces:list"
     _ATTACH_INTERFACES_SHOW = "os_compute_api:os-attach-interfaces:show"
     _INSTANCE_ACTIONS_LIST = "os_compute_api:os-instance-actions:list"
+    _SERVER_PASSWORD_SHOW = "os_compute_api:os-server-password:show"
+    _SERVER_PASSWORD_CLEAR = "os_compute_api:os-server-password:clear"
 else:
     _DEFERRED_FORCE = "os_compute_api:os-deferred-delete"
     _ATTACH_INTERFACES_LIST = "os_compute_api:os-attach-interfaces"
     _ATTACH_INTERFACES_SHOW = "os_compute_api:os-attach-interfaces"
     _INSTANCE_ACTIONS_LIST = "os_compute_api:os-instance-actions"
+    _SERVER_PASSWORD_SHOW = "os_compute_api:os-server-password"
+    _SERVER_PASSWORD_CLEAR = "os_compute_api:os-server-password"
 
 
 class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
@@ -493,7 +497,7 @@
     @decorators.idempotent_id('aaf43f78-c178-4581-ac18-14afd3f1f6ba')
     @rbac_rule_validation.action(
         service="nova",
-        rules=["os_compute_api:os-server-password"])
+        rules=[_SERVER_PASSWORD_CLEAR])
     def test_delete_server_password(self):
         """Test delete server password, part of os-server-password."""
         with self.override_role():
@@ -502,7 +506,7 @@
     @utils.requires_ext(extension='os-server-password', service='compute')
     @rbac_rule_validation.action(
         service="nova",
-        rules=["os_compute_api:os-server-password"])
+        rules=[_SERVER_PASSWORD_SHOW])
     @decorators.idempotent_id('f677971a-7d20-493c-977f-6ff0a74b5b2c')
     def test_get_server_password(self):
         """Test show server password, part of os-server-password."""
diff --git a/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml b/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml
index 67f28bc..545c544 100644
--- a/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml
+++ b/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml
@@ -13,3 +13,6 @@
       - os_compute_api:os-instance-usage-audit-log
       - os_compute_api:os-agents
       - os_compute_api:os-hypervisors
+      - os_compute_api:os-instance-actions
+      - os_compute_api:os-security-groups
+      - os_compute_api:os-server-password
diff --git a/releasenotes/notes/patrole-ussuri-release-6a2ec4e5c357fb19.yaml b/releasenotes/notes/patrole-ussuri-release-6a2ec4e5c357fb19.yaml
new file mode 100644
index 0000000..d4a262e
--- /dev/null
+++ b/releasenotes/notes/patrole-ussuri-release-6a2ec4e5c357fb19.yaml
@@ -0,0 +1,16 @@
+---
+prelude: >
+    This release is to tag the Patrole for OpenStack Ussuri release.
+    This release marks the start of Ussuri release support in Patrole.
+    After this release, Patrole will support below OpenStack Releases:
+
+      * Ussuri
+      * Train
+      * Stein
+
+    Current development of Patrole is for OpenStack Victoria development
+    cycle. Every Patrole commit is also tested against master during
+    the Victoria cycle. However, this does not necessarily mean that using
+    Patrole as of this tag will work against a Victoria (or future release)
+    cloud.
+    To be on safe side, use this tag to test the OpenStack Ussuri release.
diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst
index 32f74ec..b3922e6 100644
--- a/releasenotes/source/index.rst
+++ b/releasenotes/source/index.rst
@@ -6,6 +6,7 @@
    :maxdepth: 1
 
    unreleased
+   v0.9.0
    v0.8.0
    v0.7.0
    v0.6.0
diff --git a/releasenotes/source/v0.9.0.rst b/releasenotes/source/v0.9.0.rst
new file mode 100644
index 0000000..364bd3a
--- /dev/null
+++ b/releasenotes/source/v0.9.0.rst
@@ -0,0 +1,6 @@
+====================
+v0.9.0 Release Notes
+====================
+
+.. release-notes:: 0.9.0 Release Notes
+   :version: 0.9.0