Remove already-deprecated strict_policy_check option
The option ``[patrole].strict_policy_check`` was deprecated
during the last release cycle (Queens). This was because the
option could be set to False in order to skip tests which
might result in false positives.
This PS, then, removes strict_policy_check references in the code,
updates documentation, and adds a releasenote.
Change-Id: I7f7eda39c0472bd3d70892c801fc4d14db0c0426
diff --git a/patrole_tempest_plugin/policy_authority.py b/patrole_tempest_plugin/policy_authority.py
index 6851942..99348b9 100644
--- a/patrole_tempest_plugin/policy_authority.py
+++ b/patrole_tempest_plugin/policy_authority.py
@@ -158,6 +158,8 @@
:param string rule_name: Rule to be checked using ``oslo.policy``.
:param bool is_admin: Whether admin context is used.
+ :raises RbacParsingException: If `rule_name`` does not exist in the
+ cloud (in policy file or among registered in-code policy defaults).
"""
is_admin_context = self._is_admin_context(role)
is_allowed = self._allowed(
@@ -215,9 +217,11 @@
policy_data = mgr_policy_data
else:
error_message = (
- 'Policy file for {0} service neither found in code nor at {1}.'
- .format(service, [loc % service for loc in
- CONF.patrole.custom_policy_files])
+ 'Policy file for {0} service was not found among the '
+ 'registered in-code policies or in any of the possible policy '
+ 'files: {1}.'.format(service,
+ [loc % service for loc in
+ CONF.patrole.custom_policy_files])
)
raise rbac_exceptions.RbacParsingException(error_message)