Merge "Unskip test that relied on Neutron bug being fixed"
diff --git a/REVIEWING.rst b/REVIEWING.rst
index 9993f2c..f8ea144 100644
--- a/REVIEWING.rst
+++ b/REVIEWING.rst
@@ -181,8 +181,9 @@
When to approve
---------------
-* Every patch needs two +2's before being approved.
+* Every patch can be approved with single +2 which means single reviewer can approve.
* It's OK to hold off on an approval until a subject matter expert reviews it.
* If a patch has already been approved but requires a trivial rebase to merge,
- you do not have to wait for a second +2, since the patch has already had
- two +2's.
+ you do not have to wait for a +2, since the patch has already had +2's. With
+ single +2 rule, this means that author can also approve this case if he/she has
+ approve rights.
diff --git a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
index 94fd921..7bdd3da 100644
--- a/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_misc_policy_actions_rbac.py
@@ -31,6 +31,17 @@
CONF = config.CONF
+if CONF.policy_feature_enabled.changed_nova_policies_ussuri:
+ _DEFERRED_FORCE = "os_compute_api:os-deferred-delete:force"
+ _ATTACH_INTERFACES_LIST = "os_compute_api:os-attach-interfaces:list"
+ _ATTACH_INTERFACES_SHOW = "os_compute_api:os-attach-interfaces:show"
+ _INSTANCE_ACTIONS_LIST = "os_compute_api:os-instance-actions:list"
+else:
+ _DEFERRED_FORCE = "os_compute_api:os-deferred-delete"
+ _ATTACH_INTERFACES_LIST = "os_compute_api:os-attach-interfaces"
+ _ATTACH_INTERFACES_SHOW = "os_compute_api:os-attach-interfaces"
+ _INSTANCE_ACTIONS_LIST = "os_compute_api:os-instance-actions"
+
class MiscPolicyActionsRbacTest(rbac_base.BaseV2ComputeRbacTest):
"""Test multiple policy actions that require a server to be created.
@@ -171,7 +182,7 @@
@decorators.idempotent_id('189bfed4-1e6d-475c-bb8c-d57e60895391')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-deferred-delete"])
+ rules=[_DEFERRED_FORCE])
def test_force_delete_server(self):
"""Test force delete server, part of os-deferred-delete."""
with self.override_role():
@@ -341,7 +352,7 @@
@decorators.idempotent_id('9d1b131d-407e-4fa3-8eef-eb2c4526f1da')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-instance-actions"])
+ rules=[_INSTANCE_ACTIONS_LIST])
def test_list_instance_actions(self):
"""Test list instance actions, part of os-instance-actions."""
with self.override_role():
@@ -658,7 +669,7 @@
@decorators.idempotent_id('ddf53cb6-4a0a-4e5a-91e3-6c32aaa3b9b6')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-attach-interfaces"])
+ rules=[_ATTACH_INTERFACES_LIST])
def test_list_interfaces(self):
"""Test list interfaces, part of os-attach-interfaces."""
with self.override_role():
@@ -670,7 +681,7 @@
@utils.requires_ext(extension='os-attach-interfaces', service='compute')
@rbac_rule_validation.action(
service="nova",
- rules=["os_compute_api:os-attach-interfaces"])
+ rules=[_ATTACH_INTERFACES_SHOW])
def test_show_interface(self):
"""Test show interfaces, part of os-attach-interfaces."""
interface = self._attach_interface_to_server()
diff --git a/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml b/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml
new file mode 100644
index 0000000..cb3d047
--- /dev/null
+++ b/releasenotes/notes/adopt_nova_new_policies-c61d1c3751ff1bf9.yaml
@@ -0,0 +1,12 @@
+---
+features:
+ - |
+ Nova adopting the new policy defaults in ussuri cycle which
+ include some of the policies are made granular.
+
+ Patorle tests will adopt the new polcies. Below are the
+ policies changed in patrole tests:
+
+ - os_compute_api:os-services
+ - os_compute_api:deferred_delete
+ - os_compute_api:os-attach-interfaces