Multi role RBAC validation

This patchset replaces ``CONF.patrole.rbac_test_role`` with
``CONF.patrole.rbac_test_roles``, where instead of a single role
we can specify a list of roles to be assigned to the test user.

Change-Id: Ia68bcbdbb523dfe7c4abd6107fb4c426a566ae9d
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index f6aaf04..05716fe 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -7,34 +7,28 @@
file. All Patrole-specific configuration options should be included under
the ``patrole`` group.
-RBAC Test Role
---------------
+RBAC Test Roles
+---------------
-The RBAC test role governs which role is used when running Patrole tests. For
-example, setting ``rbac_test_role`` to "admin" will execute all RBAC tests
-using admin credentials. Changing the ``rbac_test_role`` value will `override`
-Tempest's primary credentials to use that role.
+The RBAC test roles govern the list of roles to be used when running Patrole
+tests. For example, setting ``rbac_test_roles`` to "admin" will execute all
+RBAC tests using admin credentials. Changing the ``rbac_test_roles`` value
+will `override` Tempest's primary credentials to use that role.
-This implies that, if ``rbac_test_role`` is "admin", regardless of the Tempest
+This implies that, if ``rbac_test_roles`` is "admin", regardless of the Tempest
credentials used by a client, the client will be calling APIs using the admin
role. That is, ``self.os_primary.servers_client`` will run as though it were
``self.os_admin.servers_client``.
-Similarly, setting ``rbac_test_role`` to a non-admin role results in Tempest's
-primary credentials being overridden by the role specified by
-``rbac_test_role``.
+Similarly, setting ``rbac_test_roles`` with various roles, results in
+Tempest's primary credentials being overridden by the roles specified by
+``rbac_test_roles``.
.. note::
- Only the role of the primary Tempest credentials ("os_primary") is
+ Only the roles of the primary Tempest credentials ("os_primary") are
modified. The ``user_id`` and ``project_id`` remain unchanged.
-Enable RBAC
------------
-
-Given the value of ``enable_rbac``, enables or disables Patrole tests. If
-``enable_rbac`` is ``False``, then Patrole tests are skipped.
-
Custom Policy Files
-------------------
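Review bot: The rewritten "RBAC Test Roles" paragraph still documents only the single-value case: the example sets ``rbac_test_roles`` to "admin" and the sentence ends with "to use that role", so a reader never sees how a list is written or what it means for the test user to hold several roles at once. Please add an example with at least two roles and say explicitly that all listed roles are assigned to the primary credentials, since that determines which policy outcome a test should expect. The old ``rbac_test_role`` name disappears from the docs with no note on whether it is still accepted, so a short deprecation or migration sentence would help operators with existing configuration files. The removal of the "Enable RBAC" section at the end of the hunk is not mentioned in the commit message; either mention it there or move it to its own change. Minor: in "setting ``rbac_test_roles`` with various roles, results in", drop the comma.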