Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 1c8620af7a9cf5b2bf7336592b42bb86d3e44c21^! / . / HACKING.rst
commit1c8620af7a9cf5b2bf7336592b42bb86d3e44c21[log] [tgz]
authorFelipe Monteiro <felipe.monteiro@att.com>Sun Feb 25 18:52:22 2018 +0000
committerFelipe Monteiro <felipe.monteiro@att.com>Sun Mar 25 04:27:02 2018 +0000
treea89370ea6027bf70a2288f5e81829b12a071954d
parent2e6c54854eff80268bbd9e21031b201116106c4a [diff] [blame]
Remove deprecated switch_role method

This is to remove the deprecated switch_role method from
rbac_utils module as it has been replaced by override_role
which is a superior way to manipulate the underlying role used
for querying API endpoints in Tempest.

Change-Id: Ibaffcd8cd0b62ad792b0ef5f9be4d33ec31e8c7a

diff --git a/HACKING.rst b/HACKING.rst
index a94b47c..056c86a 100644
--- a/HACKING.rst
+++ b/HACKING.rst

@@ -39,25 +39,17 @@
 - [P103] ``self.client`` must not be used as a client alias; this allows for
          code that is more maintainable and easier to read
 
-Role Switching
---------------
+Role Overriding
+---------------
 
-Correct role switching is vital to correct RBAC testing within Patrole. If a
-test does not call ``rbac_utils.switch_role`` with ``toggle_rbac_role=True``
-within the RBAC test, then the test is *not* a valid RBAC test: The API
-endpoint under test will be performed with admin credentials, which is always
-wrong unless ``CONF.patrole.rbac_test_role`` is admin.
+Correct role overriding is vital to correct RBAC testing within Patrole. If a
+test does not call ``rbac_utils.override_role`` within the RBAC test, followed
+by the API endpoint that enforces the expected policy action, then the test is
+**not** a valid Patrole test: The API endpoint under test will be performed
+with admin role, which is always wrong unless ``CONF.patrole.rbac_test_role``
+is also admin.
 
-.. note::
+.. todo::
 
-    Switching back to the admin role for setup and clean up is automatically
-    performed. Toggling ``switch_role`` with ``toggle_rbac_role=False`` within
-    the context of a test should *never* be performed and doing so will likely
-    result in an error being thrown.
-..
-
-Patrole does not have a hacking check for role switching, but does use a
-built-in mechanism for verifying that role switching is being correctly
-executed across tests. If a test does not call ``switch_role`` with
-``toggle_rbac_role=True``, then an ``RbacResourceSetupFailed`` exception
-will be raised.
+    Patrole does not have a hacking check for role overriding, but one may be
+    added in the future.