Change name of rbac_role_converter to rbac_policy_parser.
This patch simply changes the name of the file and class of
rbac_role_converter/RbacPolicyConverter to the more accurate
name of rbac_policy_parser/RbacPolicyParser, because no "conversion"
is actually performed; instead the policy file is parsed and its
contents are passed to oslo_policy, which, if anything, does
the actual conversion.
Also fixes a bug in the event that an Exception is caught
in rbac_policy_parser: when an Exception is thrown, `rule` is never
defined, resulting in a NameError in _try_rule. `rule` is changed
to `apply_rule` to resolve this.
Change-Id: I978c5134f8ab922b7fb3d9c901c936dee2f62f8b
diff --git a/patrole_tempest_plugin/rbac_auth.py b/patrole_tempest_plugin/rbac_auth.py
index 1afc7ae..40a46a7 100644
--- a/patrole_tempest_plugin/rbac_auth.py
+++ b/patrole_tempest_plugin/rbac_auth.py
@@ -15,15 +15,15 @@
from oslo_log import log as logging
-from patrole_tempest_plugin import rbac_role_converter
+from patrole_tempest_plugin import rbac_policy_parser
LOG = logging.getLogger(__name__)
class RbacAuthority(object):
def __init__(self, tenant_id, service=None):
- self.converter = rbac_role_converter.RbacPolicyConverter(tenant_id,
- service)
+ self.converter = rbac_policy_parser.RbacPolicyParser(tenant_id,
+ service)
def get_permission(self, rule_name, role):
try:
diff --git a/patrole_tempest_plugin/rbac_role_converter.py b/patrole_tempest_plugin/rbac_policy_parser.py
similarity index 97%
rename from patrole_tempest_plugin/rbac_role_converter.py
rename to patrole_tempest_plugin/rbac_policy_parser.py
index bc6e006..860a53d 100644
--- a/patrole_tempest_plugin/rbac_role_converter.py
+++ b/patrole_tempest_plugin/rbac_policy_parser.py
@@ -19,15 +19,13 @@
from oslo_log import log as logging
from oslo_policy import generator
from oslo_policy import policy
-from tempest import config
from patrole_tempest_plugin import rbac_exceptions
-CONF = config.CONF
LOG = logging.getLogger(__name__)
-class RbacPolicyConverter(object):
+class RbacPolicyParser(object):
"""A class for parsing policy rules into lists of allowed roles.
RBAC testing requires that each rule in a policy file be broken up into
@@ -38,7 +36,7 @@
"""
def __init__(self, tenant_id, service, path=None):
- """Initialization of Policy Converter.
+ """Initialization of Rbac Policy Parser.
Parses a policy file to create a dictionary, mapping policy actions to
roles. If a policy file does not exist, checks whether the policy file
@@ -161,5 +159,5 @@
LOG.debug("{0} not found in policy file.".format(apply_rule))
return False
except Exception as e:
- LOG.debug("Exception: {0} for rule: {1}.".format(e, rule))
+ LOG.debug("Exception: {0} for rule: {1}.".format(e, apply_rule))
return False
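Review bot: The `except Exception` branch at the end of this hunk still turns every failure into a plain `return False` logged only at debug level, so an error while evaluating a rule is indistinguishable from the role simply not being allowed. For an RBAC validation tool this can hide a malformed or unloadable policy behind an apparently valid "denied" result; consider logging with the traceback at a visible level, e.g. `LOG.exception("Exception for rule: %s.", apply_rule)`, and narrowing the caught types if the expected failures are known. The NameError fixed here also has no regression test: the hunks in tests/test_rbac_policy_parser.py only rename references, so a case that forces this branch would be worth adding. The enclosing function starts above the hunk, so the handlers before this one are not visible here.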
diff --git a/tests/test_rbac_role_converter.py b/tests/test_rbac_policy_parser.py
similarity index 93%
rename from tests/test_rbac_role_converter.py
rename to tests/test_rbac_policy_parser.py
index 09fa081..cc0fc4f 100644
--- a/tests/test_rbac_role_converter.py
+++ b/tests/test_rbac_policy_parser.py
@@ -19,7 +19,7 @@
from tempest import config
from tempest.tests import base
-from patrole_tempest_plugin import rbac_role_converter
+from patrole_tempest_plugin import rbac_policy_parser
CONF = config.CONF
@@ -43,12 +43,12 @@
'resources',
'tenant_rbac_policy.json')
- @mock.patch.object(rbac_role_converter, 'LOG', autospec=True)
+ @mock.patch.object(rbac_policy_parser, 'LOG', autospec=True)
def test_custom_policy(self, m_log):
default_roles = ['zero', 'one', 'two', 'three', 'four',
'five', 'six', 'seven', 'eight', 'nine']
- converter = rbac_role_converter.RbacPolicyConverter(
+ converter = rbac_policy_parser.RbacPolicyParser(
None, "test", self.custom_policy_file)
expected = {
@@ -76,7 +76,7 @@
self.assertFalse(converter.allowed(rule, role))
def test_admin_policy_file_with_admin_role(self):
- converter = rbac_role_converter.RbacPolicyConverter(
+ converter = rbac_policy_parser.RbacPolicyParser(
None, "test", self.admin_policy_file)
role = 'admin'
@@ -94,7 +94,7 @@
self.assertFalse(allowed)
def test_admin_policy_file_with_member_role(self):
- converter = rbac_role_converter.RbacPolicyConverter(
+ converter = rbac_policy_parser.RbacPolicyParser(
None, "test", self.admin_policy_file)
role = 'Member'
@@ -113,7 +113,7 @@
self.assertFalse(allowed)
def test_admin_policy_file_with_context_is_admin(self):
- converter = rbac_role_converter.RbacPolicyConverter(
+ converter = rbac_policy_parser.RbacPolicyParser(
None, "test", self.alt_admin_policy_file)
role = 'fake_admin'
@@ -147,7 +147,7 @@
network:tenant_id pass.
"""
test_tenant_id = mock.sentinel.tenant_id
- converter = rbac_role_converter.RbacPolicyConverter(
+ converter = rbac_policy_parser.RbacPolicyParser(
test_tenant_id, "test", self.tenant_policy_file)
# Check whether Member role can perform expected actions.