Merge "Fix typos for custom requirements config options descriptions"
diff --git a/etc/patrole.conf.sample b/etc/patrole.conf.sample
index 5816ea9..518d38a 100644
--- a/etc/patrole.conf.sample
+++ b/etc/patrole.conf.sample
@@ -28,15 +28,15 @@
#
# This option determines whether Patrole should run against a
-# `custom_requirements_file` which defines RBAC requirements. The
+# ``custom_requirements_file`` which defines RBAC requirements. The
# purpose of setting this flag to True is to verify that RBAC policy
# is in accordance to requirements. The idea is that the
-# `custom_requirements_file` perfectly defines what the RBAC
+# ``custom_requirements_file`` perfectly defines what the RBAC
# requirements are.
#
# Here are the possible outcomes when running the Patrole tests
# against
-# a `custom_requirements_file`:
+# a ``custom_requirements_file``:
#
# YAML definition: allowed
# test run: allowed
@@ -44,7 +44,7 @@
#
# YAML definition: allowed
# test run: not allowed
-# test result: fail (under-permission)
+# test result: fail (under-permission, e.g. Forbidden exception)
#
# YAML definition: not allowed
# test run: allowed
@@ -53,30 +53,32 @@
#test_custom_requirements = false
#
-# File path of the yaml file that defines your RBAC requirements. This
-# file must be located on the same host that Patrole runs on. The yaml
+# File path of the YAML file that defines your RBAC requirements. This
+# file must be located on the same host that Patrole runs on. The YAML
# file should be written as follows:
#
# ```
-# <service>:
-# <api_action>:
-# - <allowed_role>
-# - <allowed_role>
-# - <allowed_role>
-# <api_action>:
-# - <allowed_role>
-# - <allowed_role>
-# <service>
-# <api_action>:
-# - <allowed_role>
+# <service_foo>:
+# <api_action_x>:
+# - <allowed_role_a>
+# - <allowed_role_b>
+# - <allowed_role_c>
+# <api_action_y>:
+# - <allowed_role_d>
+# - <allowed_role_e>
+# <service_bar>:
+# <api_action_z>:
+# - <allowed_role_b>
# ```
+#
# Where:
-# service = the service that is being tested (cinder, nova, etc)
+#
+# service = the service that is being tested (Cinder, Nova, etc.)
# api_action = the policy action that is being tested. Examples:
# - volume:create
# - os_compute_api:servers:start
# - add_image
-# allowed_role = the Keystone role that is allowed to perform the API
+# allowed_role = the Keystone role that is allowed to perform the API.
# (string value)
#custom_requirements_file = <None>
diff --git a/patrole_tempest_plugin/config.py b/patrole_tempest_plugin/config.py
index 5103888..f379859 100644
--- a/patrole_tempest_plugin/config.py
+++ b/patrole_tempest_plugin/config.py
@@ -41,13 +41,13 @@
default=False,
help="""
This option determines whether Patrole should run against a
-`custom_requirements_file` which defines RBAC requirements. The
+``custom_requirements_file`` which defines RBAC requirements. The
purpose of setting this flag to True is to verify that RBAC policy
is in accordance to requirements. The idea is that the
-`custom_requirements_file` perfectly defines what the RBAC requirements are.
+``custom_requirements_file`` perfectly defines what the RBAC requirements are.
Here are the possible outcomes when running the Patrole tests against
-a `custom_requirements_file`:
+a ``custom_requirements_file``:
YAML definition: allowed
test run: allowed
@@ -55,7 +55,7 @@
YAML definition: allowed
test run: not allowed
-test result: fail (under-permission)
+test result: fail (under-permission, e.g. Forbidden exception)
YAML definition: not allowed
test run: allowed
@@ -63,30 +63,32 @@
"""),
cfg.StrOpt('custom_requirements_file',
help="""
-File path of the yaml file that defines your RBAC requirements. This
-file must be located on the same host that Patrole runs on. The yaml
+File path of the YAML file that defines your RBAC requirements. This
+file must be located on the same host that Patrole runs on. The YAML
file should be written as follows:
```
-<service>:
- <api_action>:
- - <allowed_role>
- - <allowed_role>
- - <allowed_role>
- <api_action>:
- - <allowed_role>
- - <allowed_role>
-<service>
- <api_action>:
- - <allowed_role>
+<service_foo>:
+ <api_action_x>:
+ - <allowed_role_a>
+ - <allowed_role_b>
+ - <allowed_role_c>
+ <api_action_y>:
+ - <allowed_role_d>
+ - <allowed_role_e>
+<service_bar>:
+ <api_action_z>:
+ - <allowed_role_b>
```
+
Where:
-service = the service that is being tested (cinder, nova, etc)
+
+service = the service that is being tested (Cinder, Nova, etc.)
api_action = the policy action that is being tested. Examples:
- volume:create
- os_compute_api:servers:start
- add_image
-allowed_role = the Keystone role that is allowed to perform the API
+allowed_role = the Keystone role that is allowed to perform the API.
""")
]