Change rbac_utils.RbacUtils is_admin to function
This is a trivial change that changes is_admin to a function
(instead of a property) because properties can only be used
in the instance context whereas non-class functions can be used
in both instance and class contexts.
This allows ``test_tokens_negative_rbac`` to use is_admin()
now since it is used in a class context.
Change-Id: I9244f10cd536050986185651421a446fef8e2ade
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 51b9d92..da27a20 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -25,6 +25,7 @@
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_policy_parser
+from patrole_tempest_plugin import rbac_utils
from patrole_tempest_plugin import requirements_authority
CONF = config.CONF
@@ -85,7 +86,7 @@
LOG.info("As admin_only is True, only admin role should be "
"allowed to perform the API. Skipping oslo.policy "
"check for policy action {0}.".format(rule))
- allowed = test_obj.rbac_utils.is_admin
+ allowed = rbac_utils.is_admin()
else:
allowed = _is_authorized(test_obj, service, rule,
extra_target_data)
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 9d7a807..29d41d3 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -195,13 +195,13 @@
self.admin_role_id = admin_role_id
self.rbac_role_id = rbac_role_id
- @property
- def is_admin(self):
- """Verifies whether the current test role equals the admin role.
- :returns: True if ``rbac_test_role`` is the admin role.
- """
- return CONF.rbac.rbac_test_role == CONF.identity.admin_role
+def is_admin():
+ """Verifies whether the current test role equals the admin role.
+
+ :returns: True if ``rbac_test_role`` is the admin role.
+ """
+ return CONF.rbac.rbac_test_role == CONF.identity.admin_role
@six.add_metaclass(abc.ABCMeta)
diff --git a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
index e733e26..fc50ab5 100644
--- a/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v2/test_projects_rbac.py
@@ -18,6 +18,7 @@
from patrole_tempest_plugin import rbac_exceptions
from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin import rbac_utils
from patrole_tempest_plugin.tests.api.identity import rbac_base
CONF = config.CONF
@@ -112,7 +113,7 @@
admin-scoped tenants, raise ``RbacActionFailed`` exception otherwise.
"""
tenants_client = self.os_admin.tenants_client if \
- self.rbac_utils.is_admin else self.os_primary.tenants_client
+ rbac_utils.is_admin() else self.os_primary.tenants_client
admin_tenant_id = self.os_admin.credentials.project_id
non_admin_tenant_id = self.os_primary.credentials.project_id
diff --git a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
index 90952a8..18e5bf1 100644
--- a/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
+++ b/patrole_tempest_plugin/tests/api/identity/v3/test_tokens_negative_rbac.py
@@ -18,6 +18,7 @@
from tempest.lib import exceptions as lib_exc
from patrole_tempest_plugin import rbac_rule_validation
+from patrole_tempest_plugin import rbac_utils
from patrole_tempest_plugin.tests.api.identity import rbac_base
CONF = config.CONF
@@ -31,8 +32,8 @@
def skip_checks(cls):
super(IdentityTokenV3RbacTest, cls).skip_checks()
# In case of admin, the positive testcase would be used, hence
- # skipping negative testcase
- if CONF.rbac.rbac_test_role == CONF.identity.admin_role:
+ # skipping negative testcase.
+ if rbac_utils.is_admin():
raise cls.skipException(
"Skipped as admin role doesn't require negative testing")