Deprecate strict_policy_enforce configuration option The configuration option ``[patrole] strict_policy_check`` is deprecated and will be removed in the Rocky release cycle. The default value for ``[patrole] strict_policy_check`` has been changed to ``True`` because a Patrole test should always fail if the policy action is invalid, to avoid false positives. Change-Id: Idb902f23b1845bdbc9ac8fb490f3e74e262c1451

commit: f71def828a1598e3cee0a1a5c3702f6bfaa650e0 [log] [tgz]
author: Felipe Monteiro <felipe.monteiro@att.com> Tue Nov 07 03:27:13 2017 +0000
committer: Felipe Monteiro <felipe.monteiro@att.com> Tue Nov 21 23:34:19 2017 +0000
tree: 710e2db8b5cf7afd4a34a1108a89b1f1b0f5564b
parent: e182300601d0b17c85f86315d1904525b1bc1977 [diff] [blame]
diff --git a/patrole_tempest_plugin/config.py b/patrole_tempest_plugin/config.py
index d309d60..7966247 100644
--- a/patrole_tempest_plugin/config.py
+++ b/patrole_tempest_plugin/config.py

@@ -30,8 +30,12 @@
                 deprecated_group='rbac',
                 help="Enables RBAC tests."),
     cfg.BoolOpt('strict_policy_check',
-                default=False,
+                default=True,
                 deprecated_group='rbac',
+                deprecated_for_removal=True,
+                deprecated_reason="""This option allows for the possibility
+of false positives. As a testing framework, Patrole should fail any test that
+passes in an invalid policy.""",
                 help="""If true, throws RbacParsingException for policies which
 don't exist or are not included in the service's policy file. If false, throws
 skipException."""),
commit	f71def828a1598e3cee0a1a5c3702f6bfaa650e0	[log] [tgz]
author	Felipe Monteiro <felipe.monteiro@att.com>	Tue Nov 07 03:27:13 2017 +0000
committer	Felipe Monteiro <felipe.monteiro@att.com>	Tue Nov 21 23:34:19 2017 +0000
tree	710e2db8b5cf7afd4a34a1108a89b1f1b0f5564b
parent	e182300601d0b17c85f86315d1904525b1bc1977 [diff] [blame]