Deprecate [rbac] configuration group.
The [rbac] configuration group has been deprecated
and will be removed in the next release. It has been
renamed to the [patrole] group which contains
the exact same options.
This commit makes necessary deprecation changes,
along with renaming changes to documentation, unit
tests and framework.
Change-Id: I71198506b97b98ac18a969b7e6b13b664579c081
diff --git a/patrole_tempest_plugin/tests/unit/fixtures.py b/patrole_tempest_plugin/tests/unit/fixtures.py
index ed50e15..6b42949 100644
--- a/patrole_tempest_plugin/tests/unit/fixtures.py
+++ b/patrole_tempest_plugin/tests/unit/fixtures.py
@@ -61,7 +61,7 @@
def setUp(self):
super(RbacUtilsFixture, self).setUp()
- self.useFixture(ConfPatcher(rbac_test_role='member', group='rbac'))
+ self.useFixture(ConfPatcher(rbac_test_role='member', group='patrole'))
self.useFixture(ConfPatcher(
admin_role='admin', auth_version='v3', group='identity'))
diff --git a/patrole_tempest_plugin/tests/unit/test_patrole.py b/patrole_tempest_plugin/tests/unit/test_patrole.py
index 58aff05..9b8e88c 100644
--- a/patrole_tempest_plugin/tests/unit/test_patrole.py
+++ b/patrole_tempest_plugin/tests/unit/test_patrole.py
@@ -14,16 +14,23 @@
# under the License.
"""
-test_patrole
-----------------------------------
-
Tests for `patrole` module.
"""
+from tempest import config
+
from patrole_tempest_plugin.tests.unit import base
+CONF = config.CONF
+
class TestPatrole(base.TestCase):
- def test_something(self):
- pass
+ def test_rbac_group_backwards_compatability(self):
+ """Validate that the deprecated group [rbac] is available and has the
+ same options and option values as [patrole] group, which is current.
+ """
+ self.assertTrue(hasattr(CONF, 'patrole'))
+ self.assertTrue(hasattr(CONF, 'rbac'))
+ # Validate that both groups are identical.
+ self.assertEqual(CONF.patrole.items(), CONF.rbac.items())
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_policy_parser.py b/patrole_tempest_plugin/tests/unit/test_rbac_policy_parser.py
index 36fa045..6f173a2 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_policy_parser.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_policy_parser.py
@@ -64,9 +64,9 @@
current_directory, 'resources', '%s.json')
CONF.set_override(
- 'custom_policy_files', [self.conf_policy_path], group='rbac')
+ 'custom_policy_files', [self.conf_policy_path], group='patrole')
self.addCleanup(CONF.clear_override, 'custom_policy_files',
- group='rbac')
+ group='patrole')
# Guarantee a blank slate for each test.
for attr in ('available_services', 'policy_files'):
@@ -393,7 +393,7 @@
'Policy file for {0} service neither found in code '\
'nor at {1}.'.format(
'test_service',
- [CONF.rbac.custom_policy_files[0] % 'test_service'])
+ [CONF.patrole.custom_policy_files[0] % 'test_service'])
self.assertIn(expected_error, str(e))
@@ -439,7 +439,7 @@
expected_error = (
'Policy file for {0} service neither found in code nor at {1}.'
- .format('tenant_rbac_policy', [CONF.rbac.custom_policy_files[0]
+ .format('tenant_rbac_policy', [CONF.patrole.custom_policy_files[0]
% 'tenant_rbac_policy']))
self.assertIn(expected_error, str(e))
@@ -473,7 +473,7 @@
# The expected policy will be 'baz/test_service'.
CONF.set_override(
'custom_policy_files', ['foo/%s', 'bar/%s', 'baz/%s'],
- group='rbac')
+ group='patrole')
policy_parser = rbac_policy_parser.RbacPolicyParser(
None, None, 'test_service')
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
index a9acf1c..8a69ff6 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
@@ -37,8 +37,8 @@
self.mock_args.os_primary.credentials.user_id = \
mock.sentinel.user_id
- CONF.set_override('rbac_test_role', 'Member', group='rbac')
- self.addCleanup(CONF.clear_override, 'rbac_test_role', group='rbac')
+ CONF.set_override('rbac_test_role', 'Member', group='patrole')
+ self.addCleanup(CONF.clear_override, 'rbac_test_role', group='patrole')
@mock.patch.object(rbac_rv, 'LOG', autospec=True)
@mock.patch.object(rbac_rv, 'rbac_policy_parser', autospec=True)
@@ -310,9 +310,9 @@
def test_invalid_policy_rule_throws_parsing_exception(
self, mock_rbac_policy_parser):
"""Test that invalid policy action causes test to be skipped."""
- CONF.set_override('strict_policy_check', True, group='rbac')
+ CONF.set_override('strict_policy_check', True, group='patrole')
self.addCleanup(CONF.clear_override, 'strict_policy_check',
- group='rbac')
+ group='patrole')
mock_rbac_policy_parser.RbacPolicyParser.return_value.allowed.\
side_effect = rbac_exceptions.RbacParsingException
diff --git a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
index 540283a..87adff0 100644
--- a/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_utils.py
@@ -35,7 +35,7 @@
def test_switch_role_with_missing_admin_role(self):
self.rbac_utils.set_roles('member')
error_re = (
- 'Roles defined by `\[rbac\] rbac_test_role` and `\[identity\] '
+ 'Roles defined by `\[patrole\] rbac_test_role` and `\[identity\] '
'admin_role` must be defined in the system.')
self.assertRaisesRegex(rbac_exceptions.RbacResourceSetupFailed,
error_re, self.rbac_utils.switch_role)
@@ -43,7 +43,7 @@
def test_switch_role_with_missing_rbac_role(self):
self.rbac_utils.set_roles('admin')
error_re = (
- 'Roles defined by `\[rbac\] rbac_test_role` and `\[identity\] '
+ 'Roles defined by `\[patrole\] rbac_test_role` and `\[identity\] '
'admin_role` must be defined in the system.')
self.assertRaisesRegex(rbac_exceptions.RbacResourceSetupFailed,
error_re, self.rbac_utils.switch_role)