commit 7be94e80e9d6c358cc32b7f94dcc44633dc5bcc0
author Felipe Monteiro <felipe.monteiro@att.com> Wed Jul 26 02:17:08 2017 +0100
committer Felipe Monteiro <felipe.monteiro@att.com> Tue Jul 25 18:43:17 2017 +0000
tree 98fef7ac7cc83c5306f8289b0d127007c1718cca
parent ffa47e6666f3b54865b9bd120a5444718addb626

Switch to enabled version of identity clients

Patrole always uses (e.g.) v3 roles client to retrieve
list of roles which is bad if the v3 identity service is not enabled.

Cases like the following:

    self.roles_client = test_obj.os_admin.roles_v3_client

Should be changed to:

    self.roles_client = test_obj.os_admin.roles_v3_client \
                        if CONF.identity_feature_enabled.api_v3 \
                        else test_obj.os_admin.roles_client

This commit switches between the correct identity client
depending on the identity version that is enabled in tempest.conf.
The v3 client is prioritized as identity v3 is current.

This commit also corrects/improves upon some documentation errata.

Change-Id: I9a12196f11473ac4e045ae90c4321219beab7ca6
Closes-Bug: #1702980

patrole_tempest_plugin/rbac_rule_validation.py

diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 0a101d7..51b9d92 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -143,6 +143,9 @@
         reference nested BaseTestCase attributes
     :returns: True if the current RBAC role can perform the policy action else
         False
+
+    :raises RbacResourceSetupFailed: if project_id or user_id are missing from
+        the Tempest test object's `auth_provider`
     :raises RbacParsingException: if ``CONF.rbac.strict_policy_check`` is
         enabled and the ``rule_name`` does not exist in the system
     :raises skipException: if ``CONF.rbac.strict_policy_check`` is