Remove deprecrated [rbac] config group
This PS removes the deprecated [rbac] config group. It was replaced
last release cycle with the [patrole] config group, which has
the exact same options. This is because [patrole] is more user-friendly
and congruent with the project name.
Change-Id: Id1a7af0445bd50f44ddcc4277f952391968726b8
diff --git a/patrole_tempest_plugin/config.py b/patrole_tempest_plugin/config.py
index 7966247..8ac2a20 100644
--- a/patrole_tempest_plugin/config.py
+++ b/patrole_tempest_plugin/config.py
@@ -22,16 +22,13 @@
PatroleGroup = [
cfg.StrOpt('rbac_test_role',
default='admin',
- deprecated_group='rbac',
help="""The current RBAC role against which to run Patrole
tests."""),
cfg.BoolOpt('enable_rbac',
default=True,
- deprecated_group='rbac',
help="Enables RBAC tests."),
cfg.BoolOpt('strict_policy_check',
default=True,
- deprecated_group='rbac',
deprecated_for_removal=True,
deprecated_reason="""This option allows for the possibility
of false positives. As a testing framework, Patrole should fail any test that
@@ -43,7 +40,6 @@
# other hosts. It may be possible to leverage the v3 identity policy API.
cfg.ListOpt('custom_policy_files',
default=['/etc/%s/policy.json'],
- deprecated_group='rbac',
help="""List of the paths to search for policy files. Each
policy path assumes that the service name is included in the path once. Also
assumes Patrole is on the same host as the policy files. The paths should be
@@ -52,7 +48,6 @@
"""),
cfg.BoolOpt('test_custom_requirements',
default=False,
- deprecated_group='rbac',
help="""
This option determines whether Patrole should run against a
`custom_requirements_file` which defines RBAC requirements. The
@@ -76,7 +71,6 @@
test result: fail (over-permission)
"""),
cfg.StrOpt('custom_requirements_file',
- deprecated_group='rbac',
help="""
File path of the yaml file that defines your RBAC requirements. This
file must be located on the same host that Patrole runs on. The yaml
@@ -106,12 +100,6 @@
]
-rbac_group = cfg.OptGroup(name='rbac',
- title='RBAC testing options',
- help="This group is deprecated and will be removed "
- "in the next release. Use the [patrole] group "
- "instead.")
-
patrole_log_group = cfg.OptGroup(
name='patrole_log', title='Patrole Logging Options')
@@ -141,8 +129,7 @@
"""
opt_list = [
(patrole_group, PatroleGroup),
- (patrole_log_group, PatroleLogGroup),
- (rbac_group, PatroleGroup)
+ (patrole_log_group, PatroleLogGroup)
]
return opt_list
diff --git a/patrole_tempest_plugin/plugin.py b/patrole_tempest_plugin/plugin.py
index b7717ea..a214892 100644
--- a/patrole_tempest_plugin/plugin.py
+++ b/patrole_tempest_plugin/plugin.py
@@ -62,12 +62,6 @@
RBACLOG.addHandler(rbac_report_handler)
def register_opts(self, conf):
- # TODO(fmontei): Remove ``rbac_group`` in a future release as it is
- # currently deprecated.
- config.register_opt_group(
- conf,
- project_config.rbac_group,
- project_config.PatroleGroup)
config.register_opt_group(
conf,
project_config.patrole_group,
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 9fa3740..2bb9eed 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -107,7 +107,7 @@
# passing the second boundary before attempting to authenticate.
# Only sleep if a token revocation occurred as a result of role
# switching. This will optimize test runtime in the case where
- # ``[identity] admin_role`` == ``[rbac] rbac_test_role``.
+ # ``[identity] admin_role`` == ``[patrole] rbac_test_role``.
if not role_already_present:
time.sleep(1)
test_obj.os_primary.auth_provider.set_auth()
diff --git a/patrole_tempest_plugin/tests/unit/test_patrole.py b/patrole_tempest_plugin/tests/unit/test_patrole.py
deleted file mode 100644
index 9b8e88c..0000000
--- a/patrole_tempest_plugin/tests/unit/test_patrole.py
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 2017 AT&T Corporation.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""
-Tests for `patrole` module.
-"""
-
-from tempest import config
-
-from patrole_tempest_plugin.tests.unit import base
-
-CONF = config.CONF
-
-
-class TestPatrole(base.TestCase):
-
- def test_rbac_group_backwards_compatability(self):
- """Validate that the deprecated group [rbac] is available and has the
- same options and option values as [patrole] group, which is current.
- """
- self.assertTrue(hasattr(CONF, 'patrole'))
- self.assertTrue(hasattr(CONF, 'rbac'))
- # Validate that both groups are identical.
- self.assertEqual(CONF.patrole.items(), CONF.rbac.items())