Remove already-deprecated strict_policy_check option
The option ``[patrole].strict_policy_check`` was deprecated
during the last release cycle (Queens). It was deprecated because
setting it to False causes tests to be skipped, which might
result in false positives.
This PS, then, removes strict_policy_check references in the code,
updates documentation, and adds a releasenote.
Change-Id: I7f7eda39c0472bd3d70892c801fc4d14db0c0426
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 97d246f..853e99b 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -163,8 +163,7 @@
LOG.error(msg)
else:
if not allowed:
- LOG.error("Role %s was allowed to perform %s",
- role, rule)
+ LOG.error("Role %s was allowed to perform %s", role, rule)
raise rbac_exceptions.RbacOverPermission(
"OverPermission: Role %s was allowed to perform %s" %
(role, rule))
@@ -200,10 +199,6 @@
:raises RbacResourceSetupFailed: If `project_id` or `user_id` are missing
from the `auth_provider` attribute in `test_obj`.
- :raises RbacParsingException: if ``[patrole] strict_policy_check`` is True
- and the ``rule`` does not exist in the system.
- :raises skipException: If ``[patrole] strict_policy_check`` is False and
- the ``rule`` does not exist in the system.
"""
try:
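Review bot: The docstring drops both `:raises` entries for the missing-rule case, but the new code presumably still lets `RbacParsingException` propagate now that the `except` clause is gone. Keeping one unconditional entry would tell callers that a rule absent from the policy fails the test rather than skipping it, for example `:raises RbacParsingException: If the ``rule`` does not exist in the system.` The function signature and the start of the docstring are outside this hunk, so the exact wording should be checked against the rest of the docstring.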
@@ -215,33 +210,27 @@
LOG.error(msg)
raise rbac_exceptions.RbacResourceSetupFailed(msg)
- try:
- role = CONF.patrole.rbac_test_role
- # Test RBAC against custom requirements. Otherwise use oslo.policy.
- if CONF.patrole.test_custom_requirements:
- authority = requirements_authority.RequirementsAuthority(
- CONF.patrole.custom_requirements_file, service)
- else:
- formatted_target_data = _format_extra_target_data(
- test_obj, extra_target_data)
- authority = policy_authority.PolicyAuthority(
- project_id, user_id, service,
- extra_target_data=formatted_target_data)
- is_allowed = authority.allowed(rule, role)
+ role = CONF.patrole.rbac_test_role
+ # Test RBAC against custom requirements. Otherwise use oslo.policy.
+ if CONF.patrole.test_custom_requirements:
+ authority = requirements_authority.RequirementsAuthority(
+ CONF.patrole.custom_requirements_file, service)
+ else:
+ formatted_target_data = _format_extra_target_data(
+ test_obj, extra_target_data)
+ authority = policy_authority.PolicyAuthority(
+ project_id, user_id, service,
+ extra_target_data=formatted_target_data)
+ is_allowed = authority.allowed(rule, role)
- if is_allowed:
- LOG.debug("[Action]: %s, [Role]: %s is allowed!", rule,
- role)
- else:
- LOG.debug("[Action]: %s, [Role]: %s is NOT allowed!",
- rule, role)
- return is_allowed
- except rbac_exceptions.RbacParsingException as e:
- if CONF.patrole.strict_policy_check:
- raise e
- else:
- raise testtools.TestCase.skipException(str(e))
- return False
+ if is_allowed:
+ LOG.debug("[Action]: %s, [Role]: %s is allowed!", rule,
+ role)
+ else:
+ LOG.debug("[Action]: %s, [Role]: %s is NOT allowed!",
+ rule, role)
+
+ return is_allowed
def _get_exception_type(expected_error_code=403):
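Review bot: The removed `raise testtools.TestCase.skipException(str(e))` is the only use of `testtools` visible in this hunk, so the module-level import may now be unused and should be dropped in the same change if nothing else in the file refers to it. On style, the de-indented `LOG.debug` calls now fit on one line, as was done for `LOG.error` in the first hunk, e.g. `LOG.debug("[Action]: %s, [Role]: %s is allowed!", rule, role)`. The enclosing function begins above this hunk, so the import check has to be made against the full file.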