Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 17e9b49f4849d1e2900bf087d7c8b059c135b48b^! / .
commit17e9b49f4849d1e2900bf087d7c8b059c135b48b[log] [tgz]
authorFelipe Monteiro <felipe.monteiro@att.com>Sat May 27 05:45:20 2017 +0100
committerFelipe Monteiro <felipe.monteiro@att.com>Thu Jun 01 15:42:03 2017 +0000
tree3f026d33e962adb7fd046e1622f78610a959529b
parenteeb271a21ef1bdcda060643b970ecff15c30b1a1 [diff]
Add rbac_utils is_admin helper method

This patch adds a helper method to rbac_utils.RbacUtils called
``is_admin`` which returns True if the current RBAC test role
is equal to the admin role defined in tempest.conf (i.e.
CONF.rbac.rbac_test_role == CONF.identity.admin_role). This
makes it easier to check this equivalence in a test by simply
running:

    if self.rbac_utils.is_admin:
        do something

Change-Id: I0efb005f90ac77449453f6b68a010ec64e7a03f7

diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index c63ef90..ba04a30 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py

@@ -81,7 +81,7 @@
                 LOG.info("As admin_only is True, only admin role should be "
                          "allowed to perform the API. Skipping oslo.policy "
                          "check for policy action {0}.".format(rule))
-                allowed = CONF.rbac.rbac_test_role == CONF.identity.admin_role
+                allowed = test_obj.rbac_utils.is_admin
             else:
                 allowed = _is_authorized(test_obj, service, rule,
                                          extra_target_data)

diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index fe2d99f..3bb2cbd 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py

@@ -162,3 +162,11 @@
 
         self.admin_role_id = admin_role_id
         self.rbac_role_id = rbac_role_id
+
+    @property
+    def is_admin(self):
+        """Verifies whether the current test role equals the admin role.
+
+        :returns: True if ``rbac_test_role`` is the admin role.
+        """
+        return CONF.rbac.rbac_test_role == CONF.identity.admin_role

diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
index 9a4363d..784045a 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py

@@ -112,8 +112,7 @@
         admin-scoped tenants, raise ``RbacActionFailed`` exception otherwise.
         """
         tenants_client = self.os_admin.tenants_client if \
-            CONF.identity.admin_role == CONF.rbac.rbac_test_role else \
-            self.os_primary.tenants_client
+            self.rbac_utils.is_admin else self.os_primary.tenants_client
         admin_tenant_id = self.os_admin.auth_provider.credentials.project_id
         non_admin_tenant_id = self.auth_provider.credentials.project_id