doc/source/field_guide/index.rst - packaging/sources/patrole - Gitiles

 .. _patrole-field-guide:

 ============================
 Patrole Field Guide Overview
 ============================

 Testing Scope
 =============

 Patrole testing scope is strictly confined to Role-Based Access Control
 (RBAC). In OpenStack, ``oslo.policy`` is the RBAC library used by all
 major services. Thus, Patrole is concerned with validating that public API
 endpoints are correctly using ``oslo.policy`` for authorization.

 In other words, all tests in Patrole are RBAC tests.

 :ref:`rbac_field_guide`
 =======================

 RBAC tests are `Tempest`_-like API tests plus Patrole's
 :ref:`rbac-validation`. All Patrole tests are RBAC validation tests for the
 OpenStack API.

 .. _Tempest: https://docs.openstack.org/tempest/latest/

 Stable Tests
 ============

 In the discussion below, "correct" means that a test is consistent with
 a service's API-to-policy mapping and "stable" means that a test should
 require minimal maintenance for the supported releases.

 Present
 -------

 During the Queens release, a `governance spec`_ was pushed to support policy
 in code, which documents the mapping between APIs and each of their policies.

 This documentation is an important prerequisite for ensuring that Patrole
 tests for a given service are correct. This mapping can be referenced to
 confirm that Patrole's assumed mapping for a test is correct. For
 example, Nova has implemented policy in code which can be used to verify
 that Patrole's Nova RBAC tests use the same mapping.

 If a given service does not have policy in code, this implies that it is
 *more likely* that the RBAC tests for that service are inconsistent with the
 *intended* policy mapping. Until that service implements policy in code, it
 is difficult for Patrole maintainers to verify that tests for that service
 are correct.

 Future
 ------

 Once all services that Patrole tests have implemented policy in code --
 and once Patrole has updated all its tests in accordance with the policy in
 code documentation -- then Patrole tests can guaranteed to be stable.

 This stability will be denoted with a 1.0 version release.

 .. _governance spec: https://governance.openstack.org/tc/goals/queens/policy-in-code.html
	.. _patrole-field-guide:

	============================
	Patrole Field Guide Overview
	============================

	Testing Scope
	=============

	Patrole testing scope is strictly confined to Role-Based Access Control
	(RBAC). In OpenStack, ``oslo.policy`` is the RBAC library used by all
	major services. Thus, Patrole is concerned with validating that public API
	endpoints are correctly using ``oslo.policy`` for authorization.

	In other words, all tests in Patrole are RBAC tests.

	:ref:`rbac_field_guide`
	=======================

	RBAC tests are `Tempest`_-like API tests plus Patrole's
	:ref:`rbac-validation`. All Patrole tests are RBAC validation tests for the
	OpenStack API.

	.. _Tempest: https://docs.openstack.org/tempest/latest/

	Stable Tests
	============

	In the discussion below, "correct" means that a test is consistent with
	a service's API-to-policy mapping and "stable" means that a test should
	require minimal maintenance for the supported releases.

	Present
	-------

	During the Queens release, a `governance spec`_ was pushed to support policy
	in code, which documents the mapping between APIs and each of their policies.

	This documentation is an important prerequisite for ensuring that Patrole
	tests for a given service are correct. This mapping can be referenced to
	confirm that Patrole's assumed mapping for a test is correct. For
	example, Nova has implemented policy in code which can be used to verify
	that Patrole's Nova RBAC tests use the same mapping.

	If a given service does not have policy in code, this implies that it is
	more likely that the RBAC tests for that service are inconsistent with the
	intended policy mapping. Until that service implements policy in code, it
	is difficult for Patrole maintainers to verify that tests for that service
	are correct.

	Future
	------

	Once all services that Patrole tests have implemented policy in code --
	and once Patrole has updated all its tests in accordance with the policy in
	code documentation -- then Patrole tests can guaranteed to be stable.

	This stability will be denoted with a 1.0 version release.

	.. _governance spec: https://governance.openstack.org/tc/goals/queens/policy-in-code.html