Add role-switching validation to Patrole framework.

Currently, no role validation is performed when calling switch_role. This
is problematic for the following reasons:

- The only "validation" right now checks whether switchToRbacRole is None.
  If so, None is returned. The validation used is nowhere near as robust
  as it should be -- what if a string or int is passed in? -- and an error
  should be thrown instead of silently returning None.
- If switch_role is called with the same boolean value twice, then the
  rbac_role under test is never switched to: this should be detected
  and flagged as an error.
- If switch_role is not called in a test, then an error should definitely
  be thrown as well, because then the test may pass as a false positive.

This patch adds role validation so that the above cases are avoided.
This patch also updated unit tests and added additional ones
where needed.

Implements: blueprint add-switch-role-validation
Change-Id: Ida0f03af236eb0f91d8cc96d51ca57671b4eef7c
3 files changed
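
The three failure cases listed in the commit message, sketched as an added example; this is not the code from the change or from Patrole. `RoleSwitchTracker`, `RoleSwitchError`, `verify` and `outcome` are hypothetical names, and the call sequences are constructed.

```python
class RoleSwitchError(Exception):
    """Misuse of switch_role (hypothetical name, not Patrole's exception)."""


class RoleSwitchTracker:
    """Records switch_role calls made during one test and rejects misuse."""

    def __init__(self):
        self.last_value = None        # None: switch_role not called yet
        self.rbac_role_used = False   # True once the role under test was active

    def switch_role(self, toggle_rbac_role):
        # Reject None, strings and ints: only a real bool is meaningful here.
        if not isinstance(toggle_rbac_role, bool):
            raise RoleSwitchError("invalid-type")
        # Two identical values in a row mean no switch took place.
        if toggle_rbac_role is self.last_value:
            raise RoleSwitchError("repeated-value")
        self.last_value = toggle_rbac_role
        self.rbac_role_used = self.rbac_role_used or toggle_rbac_role

    def verify(self):
        # A test that never ran under the role being tested proves nothing
        # about that role's policy, so a pass would be a false positive.
        if not self.rbac_role_used:
            raise RoleSwitchError("never-switched")


def outcome(calls):
    """Replay a constructed sequence of switch_role arguments for one test."""
    tracker = RoleSwitchTracker()
    try:
        for value in calls:
            tracker.switch_role(value)
        tracker.verify()
    except RoleSwitchError as exc:
        return str(exc)
    return "ok"


if __name__ == "__main__":
    # Constructed call sequences, one per case from the commit message.
    for calls in ([True, False], [None], ["True"], [1], [True, True], []):
        print(calls, "->", outcome(calls))
```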