Refactoring RbacUtils part 3 - documentation
Change the documnentation according to new RbacUtilsMixin
Story: 2002604
Task: 22223
Change-Id: I30ab8ea002f9312a5b50e2f2c511ed321a679c00
diff --git a/HACKING.rst b/HACKING.rst
index cd85d84..2dfb28c 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -64,7 +64,7 @@
---------------
Correct role overriding is vital to correct RBAC testing within Patrole. If a
-test does not call ``rbac_utils.override_role`` within the RBAC test, followed
+test does not call ``self.override_role()`` within the RBAC test, followed
by the API endpoint that enforces the expected policy action, then the test is
**not** a valid Patrole test: The API endpoint under test will be performed
with admin role, which is always wrong unless ``CONF.patrole.rbac_test_role``
diff --git a/REVIEWING.rst b/REVIEWING.rst
index 4ee847f..9993f2c 100644
--- a/REVIEWING.rst
+++ b/REVIEWING.rst
@@ -80,7 +80,7 @@
* testing the same policy in more than one test
For the first bullet, try to avoid calling the same API inside the
-``self.rbac_utils.override_role`` call.
+``self.override_role()`` call.
.. note::
diff --git a/doc/source/multi-policy-validation.rst b/doc/source/multi-policy-validation.rst
index 576fd68..441bd35 100644
--- a/doc/source/multi-policy-validation.rst
+++ b/doc/source/multi-policy-validation.rst
@@ -66,7 +66,7 @@
self.os_admin.servers_client.lock_server(self.server['id'])
self.addCleanup(self.servers_client.unlock_server, self.server['id'])
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.unlock_server(self.server['id'])
While the ``expected_error_codes`` parameter is omitted in the example above,
@@ -96,7 +96,7 @@
# Verify specific fields of a port
fields = ['binding:vif_type']
- with self.rbac_utils.override_role(self):
+ with self.override_role():
retrieved_port = self.ports_client.show_port(
self.port['id'], fields=fields)['port']
@@ -131,7 +131,7 @@
RBAC test for the neutron create_network:router:external policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._create_network(router_external=True)
Note that above the following expected error codes/rules relationship is
@@ -158,7 +158,7 @@
RBAC test for the neutron update_network:shared policy
"""
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._update_network(shared_network=True)
self.addCleanup(self._update_network, shared_network=False)
diff --git a/doc/source/test_writing_guide.rst b/doc/source/test_writing_guide.rst
index 4e0f0be..ac50210 100644
--- a/doc/source/test_writing_guide.rst
+++ b/doc/source/test_writing_guide.rst
@@ -34,7 +34,7 @@
#. Setup: Admin role is used automatically. The primary credentials are
overridden with the admin role.
#. Test execution: ``[patrole] rbac_test_roles`` is used manually via the
- call to ``with rbac_utils.override_role(self)``. Everything that
+ call to ``with self.override_role()``. Everything that
is executed within this contextmanager uses the primary
credentials overridden with the ``[patrole] rbac_test_roles``.
#. Teardown: Admin role is used automatically. The primary credentials have
@@ -68,7 +68,7 @@
"Test execution" here means calling the API endpoint that enforces the policy
action expected by the ``rbac_rule_validation`` decorator. Test execution
should be performed *only after* calling
-``with rbac_utils.override_role(self)``.
+``with self.override_role()``.
Immediately after that call, the API endpoint that enforces the policy should
be called.
@@ -89,7 +89,7 @@
aggregate_id = self._create_aggregate()
# Call the ``override_role`` method so that the primary credentials
# have the test role needed for test execution.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.aggregates_client.show_aggregate(aggregate_id)
When using a waiter, do the wait outside the contextmanager. "Waiting" always
@@ -113,7 +113,7 @@
self.addCleanup(self.servers_client.change_password, self.server['id'],
adminPass=original_password)
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self.servers_client.change_password(
self.server['id'], adminPass=data_utils.rand_password())
# Call the waiter outside the ``override_role`` contextmanager, so that
@@ -145,7 +145,7 @@
# Never call a helper function inside the contextmanager that calls a
# bunch of APIs. Only call the API that enforces the policy action
# contained in the decorator above.
- with self.rbac_utils.override_role(self):
+ with self.override_role():
self._complex_setup_method()
To fix this test, see the "Example using waiter" section above. It is
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 95bf36a..288ec29 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -461,7 +461,7 @@
def _validate_override_role_called(test_obj, actual_exception):
- """Validates that :func:`rbac_utils.RbacUtils.override_role` is called
+ """Validates that :func:`rbac_utils.RbacUtilsMixin.override_role` is called
during each Patrole test.
Useful for validating that the expected exception isn't raised too early